Back to skill
Skillv1.0.0
VirusTotal security
Threat Radar · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:36 AM
- Hash
- 0353d93708d76ad1efec4e945e7b225196fb0836e944ef12f1c499421ac05c10
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: threat-radar Version: 1.0.0 The skill is classified as suspicious due to significant functional vulnerabilities and misleading claims, despite lacking direct evidence of malicious intent. The `threat_radar.py` script uses hardcoded 'mock NVD data' in its `_fetch_cve_data` method, rendering its core CVE alerting feature ineffective and contradicting the `SKILL.md`'s claim of pulling from NVD and GitHub. Additionally, the `cron-install` and `cron-remove` commands advertised in `SKILL.md` are not implemented in the Python script, indicating missing functionality. While the code uses `subprocess` and `socket` for scanning, these operations are confined to the stated purpose (e.g., `docker images`, `openssl s_client`, local port checks) and do not show signs of data exfiltration or unauthorized access. The `SKILL.md` itself does not contain any prompt injection attempts.
- External report
- View on VirusTotal